Category Archives: Research

Exploiting VLAN Double Tagging

We have all heard about VLAN double tagging attacks for a long time now. There have been many references and even a single packet proof of concept for VLAN double tagging attack but none of them showcase a weaponized attack. In this blog Amish Patadiya will use VLAN double tagging… Read More

Automating Pentests for Applications with Integrity Checks using Burp Suite Custom Extension

During one of our recent web application penetration testing assignments, @realsanjay encountered a scenario where the application employed an integrity check on HTTP request content. The integrity check was maintained using a custom HTTP header that stored the HMAC of HTTP request content based on session-specific CSRF tokens. Any modification… Read More

Hacking AWS Cognito Misconfigurations

In this blog, Sunil Yadav, our lead trainer for “Advanced Web Hacking” training class, will discuss a case study of AWS account takeover via misconfigured AWS Cognito.  TL;DR The application under test only had a login page and no sign up feature exposed. Target application uses AWS Cognito JavaScript SDK… Read More

Identifying & Exploiting Leaked Azure Storage Keys

In this blog, Sunil Yadav, our lead trainer for “Advanced Web Hacking” training class, will discuss a case study of Remote code execution via Azure Storage when the Azure Function deployment is configured to run from Storage Account using WEBSITE_CONTENTSHARE app setting. TL;DR Access Leaked Storage Account’s Access Key Connect… Read More